How Secure Are You?
• Security Concerns
• Questions to ask Yourself
• Approaches to Consider

Presented By – Wayne T. Work Sr., CISSP
Senior Security Engineering Consultant and Security Services Practice Manager
Mainline Information Systems Security Solutions Group
October 15, 2009

Agenda
1. Mainline Information Systems
2. K – 12 Security Concerns
3. Questions to ask yourself
4. Approaches to Consider
5. Overview of Mainline’s Security Practice
6. Open Discussion

Mainline Information Systems
• Founded in 1989
• IBM Premier BP
• IBM ISS Partner of the Year 2008
• IBM Beacon Award for Security 2009
• First National VMware Partner
• Cisco’s 2008 Customer Satisfaction Excellence BP Growth Award
• Wyse 2008 Visionary Partner of the Year
• Client Centric Team – Solution Specialist + Customer Care + Brand Specialist + Techline
• We sell hardware, software and services
• 98% Customer Satisfaction

Mainline Solution Focus
Solution areas:
• I/T Optimization (Virtualization, Consolidation)
• Business Continuity / Disaster Recovery
• I/T Modernization
• Security
• Systems & Data Management
• Network Optimization & Management
• ISV & Industry Solutions
• I/T Asset Management
Offerings (as listed on the slide): Utilization Assessments; Risk Assessment Studies; IBM Servers; Threat Mgmt; Tivoli Storage Management; Network Assessment & Design; SAP; OnDemand Utility Computing; Desktop Consolidation (Virtual Client); Continuous Data Protection (InMage, Vision, FalconStor); IBM Storage; Compliance; Tivoli Monitoring; Network Infrastructure (Cisco); BI/SAS; Financing; VMware (xSeries); Mainline Disaster Recovery; Capacity Planning & Analysis; Identity Mgmt; IBM Information Management; Network Connectivity (AT&T Circuits); Brokerage; LPAR (Power & zSeries); High Availability (HACMP, P/S, Mimix, iTera, Double-Take); Migration Services; Data Security; Data Warehousing & Business Intelligence; Data Center Network; Portfolio Management; Voice over IP; Maintenance Contract Mgmt; Storage Virtualization (SAN SVC); Virtual Tape Server (VTS); Green (energy efficient data ctr); Desktop Recovery (Persystent); IBM BCRS; Digital Video Security; Content Management; Computer Recycling; Disk & Tape Encryption; Multivendor Maintenance; ID and Access Management*
Solution Architecture, Design & Implementation Services | Managed Operations | Hosting | Ongoing Technical Support

Wayne Work, CISSP
• Senior Information Security Solution Engineer – Mainline Information Systems
• Certified Information Security Professional (CISSP)
• Most recently held the position of Director, Information Security, Architecture and Standards for New England’s largest bank, with assets in excess of 23 billion and over 300 locations, prior to joining Mainline Information Systems Inc.
• 30+ years of in-depth computer-based electronic systems maintenance and complex major systems development within the DOD, DOE, DOT and private industry

1. K – 12 Security Concerns

CIA Triad
• Confidentiality
• Integrity
• Availability

K – 12 Security Concerns
• Student Safety
• Data Protection
• Resource Misuse Prevention
• Network and Applications Availability
• Solution Affordability
• Solution Longevity
• Transparency
• Operational ease / automation

The Issues
• Rapid Advancements in Technological Progress
  – New Frontier
  – Uncontrollable change
  – Opportunistic times
• Availability of Hacking Tools
  – Open Source
  – Free Demo Software
  – The Internet
• Current World Events Affecting Everybody
  – Economy meltdown challenges
  – WAR times

Laws Affecting Children in Schools
• Children's Online Privacy Protection Act of 1998 (COPPA)
  – Applies to the online collection of personal information by persons or entities under U.S. jurisdiction from children under 13 years of age
• Children's Internet Protection Act (CIPA) 2000
  – CIPA requires schools and libraries using E-Rate discounts to operate "a technology protection measure with respect to any of its computers with Internet access that protects against access through such computers to visual depictions that are obscene, child pornography, or harmful to minors..." Such a technology protection measure must be employed "during any use of such computers by minors." The law also provides that the library "may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purpose." Libraries that do not receive E-Rate discounts do not have any obligation to filter under CIPA.

Actions required of any Educational IT Infrastructure to ensure that it is practicing due care:
• Establishing adequate physical and logical access controls
• Establishing adequate telecommunications security, which could require encryption
• Performing proper information, application, and hardware backups
• Maintaining disaster recovery and business continuity plans and testing them
• Informing staff properly of expected behavior and ramifications of not following expectations
• Developing a security policy, standards, procedures, and guidelines
• Performing security-awareness training of students and staff

Actions required of any Educational IT Infrastructure to ensure that it is practicing due care: (Cont’)
• Running updated antivirus software
• Performing penetration tests periodically from outside and inside the network
• Implementing measures that ensure that software piracy is not taking place
• Ensuring that proper auditing and review of those audit logs are taking place
• Conducting background checks on potential staff and teachers
• Each organization could have different requirements when it comes to this list of due care responsibilities

Understanding the Problems
1. Volume, Volume, Volume
2. Social Engineering and User Behavior
3. What’s on that Web Page
4. Malware Defeats Anti-Virus Signatures
5. Web Servers Vulnerable

Volume, Volume, Volume
More Spam and More Spammers – Catch Rates Must Increase Just to Stay Even…
[Chart: Average Daily Spam Volume (billions) by Calendar Quarter Period, Q1'07 to Q4'08, scale 0–180]
More Spam
• Daily spam volume doubles yearly
• Reaching 180 billion spam messages per day
[Chart: Average Simultaneous Compromised Hosts (thousands), Average # Compromised Hosts by Calendar Quarter Period, Q1'07 to Q4'08, scale 0–500]
More Spammers
• More Spammers with Botnet compromised hosts sending spam
• Malware sophistication increasing

Social Engineering: Current Events
• Hackers can make more money by engaging (tricking) the user
• BOTSITE: If Infected, Fake Scan Recommends “Removal”
  – “Antivirus XP has found 2794 threats. It is recommended to proceed with removal”

Malware Distribution Vectors
• Web
• Social Engineering
• Anti-Spyware
• Due Diligence

Web Redirection
• Browse spamvertized domain
  – kxbkhs.lztalsole.com
• What website do you see?
  – r2.rx-shop.biz
  – “Pharma Shop”
• Web site redirection
• Other Issues
  – URL and URL obfuscation
  – DNS and hosts file
Captured trace:
http://kxbkhs.lztalsole.com/
GET / HTTP/1.1
Host: kxbkhs.lztalsole.com
>> HTTP/1.x 302 Moved Temporarily
>> Location: http://r2.rx-shop.biz
------------------------------------------------
http://r2.rx-shop.biz/images/bot_01.gif
GET /images/bot_01.gif HTTP/1.1
Host: r2.rx-shop.biz
>> HTTP/1.x 200 OK

Malware Is on the Rise
• # of unique Malware samples in 2006: 972K
• # of unique Malware samples in 2007: 5.5M
• 500% increase in 12 Months

Virus Sophistication Beats AV
• 182 virus tools at VX Heavens website vx.netlux.org
  – Example: NGVCK (Next Generation Virus Creation Kit)
• Poly/Metamorphic tools create random variants
• Viruses download fresh copy every 24 hours
• Viruses use buddy program to reinstall virus if disinfected

Web Servers Vulnerable
• Web servers and browsers are the easiest targets for hacks.
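The redirect trace on the Web Redirection slide above, worked through as an added example that is not part of the Mainline deck: a small Python routine that parses captured HTTP response heads and walks the 3xx Location chain offline, flagging any hop that changes host, which is what a proxy-log reviewer would look for. The two hostnames are the slide's; the response texts, the CAPTURE dictionary and the function names are constructed here.

```python
# Added example (not from the Mainline deck): walk an HTTP redirect chain
# offline from captured response heads, as a proxy-log reviewer would.
from urllib.parse import urljoin, urlsplit

# Constructed capture mirroring the slide's trace: request URL -> response head.
CAPTURE = {
    "http://kxbkhs.lztalsole.com/":
        "HTTP/1.1 302 Moved Temporarily\r\n"
        "Location: http://r2.rx-shop.biz\r\n\r\n",
    "http://r2.rx-shop.biz/":
        "HTTP/1.1 200 OK\r\n"
        "Content-Type: text/html\r\n\r\n",
}

def parse_head(raw):
    """Return (status_code, {lowercase header name: value}) from a response head."""
    lines = raw.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line:  # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def normalize(url):
    """Give a bare scheme://host URL the '/' path it is actually served from."""
    parts = urlsplit(url)
    return parts._replace(path=parts.path or "/").geturl()

def follow_chain(start, capture, max_hops=10):
    """Follow 3xx Location hops using captured responses only (no network).

    Returns (urls visited, final status or None, cross_domain); the flag is set
    when a hop lands on a different host, the web site redirection the slide
    shows. Stops on a non-redirect, a missing capture, a loop, or max_hops.
    """
    chain = [normalize(start)]
    cross_domain = False
    while len(chain) <= max_hops:
        url = chain[-1]
        if url not in capture:
            return chain, None, cross_domain
        status, headers = parse_head(capture[url])
        if not (300 <= status < 400 and "location" in headers):
            return chain, status, cross_domain
        nxt = normalize(urljoin(url, headers["location"]))
        if urlsplit(nxt).hostname != urlsplit(url).hostname:
            cross_domain = True
        if nxt in chain:  # redirect loop
            return chain, status, cross_domain
        chain.append(nxt)
    return chain, None, cross_domain
```

Relative Location values are resolved against the current URL, so same-host hops are reported as such and only a change of host sets the flag.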
Web Servers Vulnerable (Cont’)
• Most confidential information is passed through the browser (client)
• Even though the browser (client) is patched, many browser “add-ons” are insecure

DLP Pressures Continue to Grow
• Increasing Reports of Data Loss
• Email Leakage Is Dominant Issue
• New Laws Driving New Requirements

Biggest worry is still about internal threats...
• Malicious/disgruntled employees or teachers: terminated employees may wish to do damage to the network because of a grievance they have against the company or school system.
• Unintentional breaches: students put the network at risk by installing unauthorized software, opening virus-infected email attachments, succumbing to social engineering attacks, etc.
FACT: THERE ARE MORE EXTERNAL SECURITY BREACHES, BUT INTERNAL BREACHES ARE FAR MORE DAMAGING.

The Balancing Act of Security: Risk Management
ABSOLUTE SECURITY
• Machine unplugged from network
• Locked in a safe
• Thrown at bottom of ocean
ABSOLUTE ACCESS
• Machine always available
• No authorization required
• No passwords required
…neither is practical

Why is Information Security so Important to Educational Institutions?
• The most effective and current way we teach/educate our youth
• Organizations are becoming more and more dependent on their information systems
• Much of the value of a business is concentrated in the value of its information. Information is the basis of competitive advantage
• The public is increasingly concerned about the proper use of information, particularly personal data
• The threats to and vectors for exploitation of information systems are more available to criminals and terrorists

What is Information Security?
Security is not a PRODUCT. Security is a PROCESS:
“The mantra of any good security engineer is: 'Security is not a product, but a process.' It's more than designing strong cryptography into a system; it's designing the entire system such that all security measures, including cryptography, work together.” – Bruce Schneier

Multi-Layered Malware Defense – Protection Against Today’s Threats
• Layer 4 Traffic Monitor – Blocks malicious botnet traffic across all ports
• Web Reputation Filters – Blocks 70% of malware traffic at connection time
• Dynamic Vectoring and Streaming Engine – Detects known and unknown malware based on deep content analysis

Enterprise Defense-in-Depth
• “Layering” security for multiple levels of defense

Steps in Establishing a Secure Enterprise
1. Evaluate security risks
  ◘ Internal
  ◘ External
  ◘ Web
2. Identify existing gaps
  ◘ Security exposures
  ◘ Hardware, software, administrative inefficiencies
3. Assess security requirements
  ◘ Spell out security goals
  ◘ Establish rules of Governance

2. Overview of Mainline’s Security Practice

Mainline Security Solutions Group…. a total security solutions provider
• Infrastructure Security
• Email/Web Security
• Identity & Access Mgt.
• Data Leakage Protection
• Web and Application Security
• Regulatory Compliance etc.
Products: Hardware, Software, Appliances
Managed Services | Professional Services
Solutions for all security needs

Security Approach
• Vulnerability Management (Reactive) – Identify and fix vulnerabilities
• Risk Management (Proactive) – Identify and manage overall Risk

Solutions from Perimeter to Core
• Governance – Provide risk management, security governance and regulatory compliance
• Data security – Enable widespread electronic collaboration while protecting data at rest, in motion, in use and at the endpoint
• Threat mitigation – Provide on-demand protection to stay ahead of emerging threats
• Physical security – Provide an integrated video surveillance and security solution that can include industry-standard components
• Identity and access management – Provide clients with planning and implementation of identity and access management needs
Security Solutions – Security Across the Enterprise IT Landscape

Pre-emptive Security Products
• IBM Proventia® Management SiteProtector
• Proventia Network
  – Intrusion prevention
  – Vulnerability management (Enterprise Scanner)
  – Multi-function security
  – Mail security
• Proventia Server – Server protection
• RealSecure Server Sensor – Windows, Solaris, HP-UX, AIX, Linux
• Proventia Desktop – End-point protection

Managed Security Services Offerings
• Managed Protection Services – Offers the most comprehensive protection services for networks, servers, and desktops, featuring the industry's only money-back cash payment.
• Managed and Monitored Firewall Services – Offers 24/7/365 expert daily management of a variety of firewall platforms.
• Managed IDS / IPS Services – Provides 24/7/365 monitoring, intrusion detection, and prevention, as well as incident response services for networks and servers.
• Vulnerability Management Service – Performs regularly-scheduled, automated scans of internal and external devices for hundreds of known security vulnerabilities.
• Security Event and Log Management Services – Provides all the benefits of a security event management product suite without the expensive upfront capital investments and on-going overhead.
• Managed E-mail and Web Security Services – Is designed to provide a variety of solutions to enhance clients’ existing security posture, help prevent viruses and spam, and control unwanted content in e-mail.

IBM Proventia® Network Multi-Function Security
Business Challenges
• Protect your business from internet threats without jeopardizing bandwidth or availability
• Secure your end users from spam, non-compliant activity and other productivity drainers
• Conserve your resources by eliminating the need for special security expertise
The Proventia Solution
• Complete protection against all types of Internet threats, with firewall, intrusion prevention, and Virus Prevention System
• Spam effectiveness ~95%, define Web browsing policies, filter database of +63 Million URLs in 62 categories
• “Set and forget” security, automatically updated to protect against the next threat and tailored to needs of your small business or remote offices

IBM Proventia® Server
Business Challenges
• Managing dispersed security agents
• Demonstrating risk and compliance
• Protecting critical data, intellectual property and access to vulnerable servers
• Maintaining server uptime while providing strong host intrusion prevention technologies
• Tracking file access and changes among business critical servers
The Proventia Solution
• Reduces security costs, protects server environments and reduces downtime
• Enforces corporate security policy for servers
• Provides out-of-the-box protection with advanced intrusion prevention and blocking
• Utilizes multiple layers of defense to provide preemptive protection
• Supports operating system migration paths
• Protects at-risk systems before vendor-supplied patches are available

Mainline’s Security Group Line Card – Meeting the customer security needs…..
Categories: Infrastructure Security | Email/Content Security | Identity & Access Mgt. | Data Leakage Protection | Web & Application Security | Professional Services | Managed Services
Vendors (in slide order; the column layout did not survive extraction): IBM ISS, IronPort, IBM Tivoli, PGP, IBM Rational, IBM ISS, IBM ISS, Check Point, PineApp, Novell, SafeNet, Breach Security, IBM Rational, MessageLabs, Juniper, MessageLabs, Juniper, Linoma Software, Ounce Labs, G2, Inc., EIQ, Cisco, Websense, Hitachi ID Sys., IntellinX, ISS, SecureState, Trend Micro, IBM ISS, Bsafe, AIS, F5, Sophos, Applicure, Clear Skies Security, Sophos, Symantec, Fidelis, Wolcott Group, eIQnetworks, Verdasys, Symantec

Mainline Penetration Testing SPECIAL

The X-Force team Drives IBM ISS Security Innovation
• Research
  – Original Vulnerability Research
  – Public Vulnerability Analysis
  – Malware Analysis
  – Threat Landscape Forecasting
• Technology
  – Protection Technology Research
  – Extensions to existing engines
  – New protection engine creation
• X-Force Protection Engines
• X-Force XPU’s
  – Security Content Update Development
  – Security Content Update QA
• X-Force Intelligence
  – X-Force Database
  – Feed Monitoring and Collection
  – Intelligence Sharing
• Solutions

Microsoft Bulletin MS08-067 – IBM ISS 2 years Ahead of the Threat
• 8 August 2006: IBM ISS releases Virtual Patch for Microsoft Windows Server Service buffer overflow (MSRPC_Srvsvc_Bo) vulnerability. http://iss.net/threats/306.html
• 23 October 2008: Microsoft publicly announces vulnerability and MS patch in Bulletin MS08-067. http://www.microsoft.com/technet/security/Bulletin/MS08-067.mspx
• New exploits/worms: Zero-day worm Gimmiv.a. http://blog.threatexpert.com/2008/10/gimmiva-exploits-zero-dayvulnerability.html http://milw0rm.com/exploits/6824
• The IBM ISS Virtual Patch protects customers until they can download and install security updates from their software vendor.

Vulnerability Management Services
• Industry Leading ISS Internet Scanner
• Perimeter Vulnerability Assessment
• Schedule and Launch Scans via the Web
• Simulates a Hacker’s External Attack
• Full Support for Internal Scanning
• Step by Step Remediation Instructions
• Archived Scan Results Available Online

Mainline Solutions for Total PCI Compliance – Addressing each of the PCI Data Security Standards
• IBM ISS Products & Services
• Tivoli Security Compliance Manager
• IBM Proventia Network Anomaly Detection System (ADS)
• IBM Rational AppScan
• Breach Security Web Application Firewall
• IBM Server Intrusion Prevention Sys. (IPS)
• IBM Proventia Network IPS
• Check Point Network Firewall
• Breach Security Web Application Firewall
• Tivoli Console Insight Manager
• IBM Tivoli Access Manager
• IBM Proventia Network Multi-Function Security (MFS)
• IBM Tivoli Compliance Insight Manager
• IBM Tivoli Security Operations Manager
• IBM Proventia Server IPS
SECURE AND PROTECT CARDHOLDER DATA
• Mainline Digital Video Surveillance
• IBM Proventia Server IPS
• IBM System z Encryption Solutions
• IBM Tivoli Storage Manager
• PGP Encryption Solutions
• Pointsec Encryption Solutions
• IBM System z network encryption
• DataPower XML Security Gateway
• Proventia Network Intrusion Prevention System
• PGP Universal Gateway Email
• IBM Tivoli Identity Manager
• IBM Tivoli Federated Identity Manager
• IBM Tivoli Access Manager
• IBM Tivoli zSecure Admin
• IBM Tivoli Compliance Insight Manager
• IBM Tivoli CCMBD
• IBM Rational AppScan
• Breach Security Web Application Firewall
• IBM Proventia Desktop Endpoint Security
• IBM Proventia Network Enterprise Scanner
• IBM Tivoli Security Compliance Manager

How to contact Mainline?
• Cathy Samanen – Account Executive
  [email protected] 248-224-7202