
Thanks For Recovering… Now I Can Hack You

Thanks For Recovering… Now I Can Hack You. Charles Greene, CISSP, GSLC. Speaker Bio. Senior Information Security Architect I&AM Team Lead, DR Team Lead Bachelor's Degree in Information Systems from Virginia Commonwealth University


Presentation Transcript


  1. Thanks For Recovering…Now I Can Hack You Charles Greene, CISSP, GSLC

  2. Speaker Bio • Senior Information Security Architect • I&AM Team Lead, DR Team Lead • Bachelor's Degree in Information Systems from Virginia Commonwealth University • Master's Degree in Disaster Sciences from the University of Richmond • CISSP, GIAC Security Leadership Certification • SANS Mentor - MGT-512 Security Leadership Essentials and MGT-432 Information Security for Business Managers • GIAC Advisory Board

  3. Leading Questions… • How many of your organizations perform annual Disaster Recovery Tests? • How many of you are Information Security Professionals? • How many Information Security Professionals play an active part in Disaster Recovery Tests? • Why? Why Not?

  4. Disaster Recovery Journal, Winter 2013 Vol.26, Num.1

  5. Agenda • Disaster Recovery Test Scenario • DR Test Security Vector Identification • Other Considerations • Open and Interactive Dialogue • Thoughts About DR Testing • Ultimate Goal of Enhancing DR Test Plans

  6. Background Scenario DR Assignment DR responsibilities • Operations • System Architects • Management • Security • DR Lead – RTO/RPO • Sys Admin – RECOVERY • Sec Admin - Security
     In this scenario, the DR tasks were assigned to Systems/Network Management. The DR teams were comprised of Systems and Network Administrators and the Security Administrators had no role in DR planning or exercises.

  7. What Happened? • Focus on Recovery • Developed and Reviewed by Systems Administrators • Test Planning for RTO/RPO Planning

  8. What Happened? Test Execution • Going as Planned • Ah Ha Moment • Vendor Response

  9. What Happened? Mitigation • Security Realization • Identify DR Vectors of Attack • Plan Updates

  10. Vector Identification • Local Switch Infrastructure

  11. Vector Identification • Local Switch Infrastructure • Who controls the switch configurations? • Can you verify the configs? • Who has physical access to the switches?

  12. Vector Identification • Firewall Configurations • When is the FW recovered? • What does it protect? • Is it complete?

  13. Vector Identification • System Administrator Devices • Is there corporate data on the laptop? • Will this device connect to the DR network? • Create a Device Use Policy

  14. Vector Identification • VPN Access • Does it bypass the Firewall? • Identity and Access Management?

  15. Vector Identification • Server Configurations • Timing of the build process might create opportunities • Use a protected build DMZ to lessen the risk

  16. It’s Your Data…Protect It! • Recovering Live Data • Incident Handling at DR location • Logging?

  17. Update Your Plans! • Goals for DR Testing • Experience • Plan Verification

  18. Questions/Discussion

  19. Thank You! Chip Greene, CISSP, GSLC • Senior Information Security Architect • SANS Mentor (MGT-512, MGT-432) • cgreene2@richmond.edu • cgreene2@mcvh-vcu.edu
