
Cyber Criminal Methods & Prevention Techniques






Presentation Transcript


  1. Cyber Criminal Methods & Prevention Techniques By Larry.Boettger@Berbee.com Matt.Jach@Berbee.com

  2. Meeting Agenda
  • Trends
  • Attacker Motives and Methods
  • Areas of Concern
  • Typical Assessment Findings
  • ISO-17799 & NIST
  • Typical Remediation Costs

  3. FBI / CSI Statistics
  • Every Year Dollars are Lost due to Cyber Criminal Activity
  • Greatest Loss = Proprietary Information
  • Second Greatest Loss = Denial of Service

  4. Elements to Protect (Security)
  • Confidentiality
  • Integrity
  • Availability

  5. Everything is a Target

  6. Cyber Criminals' Motives
  • Financial Rewards
  • Politics
  • Show Off
  • Personal Gratification
  • They know they can

  7. Intruder Methods
  • Web Site Research
  • User Groups
  • Email Staff
  • Call Modems
  • Read Trash
  • Impersonate Someone You Trust
  • Scan Your Systems
  • War Drive Your Wireless

  8. Intruder Methods Cont.
  • Use Known and Unknown Exploits
  • Viruses, Trojans & Worms
  • Phishing
  • Attack Partner Networks to Gain Access to Yours
  • Sniff Your Traffic
  • Brute Force Passwords
  • Spam You
  • Denial of Service

  9. Most Common Items to Protect
  • Intellectual Property
  • Customers' and Staff's Privacy
  • Confidential Data
  • System Availability
  • Reputation
  • Regulatory Challenges

  10. Assessment Benefits
  • Roadmap
  • Establishes Baseline
  • Strengthens Security
  • Provides Due Diligence
  • Efficient Formal Audits
  • Finds the Weak Areas

  11. How To Identify and Prioritize Risk
  • Holistic Approach
    • Comprehensive reviews (infrastructure, server, application, etc.)
    • Based on Organizational Security Policy, taking the full life cycle into account
    • Consider people and processes, as well as technology
  • Sensible, accessible documentation
    • Helpful to executive decision-makers: explanation of risk in business terms
    • Helpful to managers: project plans, prioritization of tasks
    • Helpful to technical staff: clear standards, specific recommendations
  • Threat Modeling
    • Identifying assets
    • Identifying threats
    • Making qualitative (or quantitative) assessments of risk

  12. Top Ten Security Risks
  • Policies & Procedures
  • Security Awareness
  • Access and Authorization
  • Patch Management
  • Mis-Configured Systems & Applications
  • Encryption & Digital Signatures
  • Incident Handling Processes
  • Disaster Recovery & Business Continuity
  • Physical Safeguards
  • Intentional Bypassing of Security Controls

  13. Security Policies
  • Communicate Your Organization's Commitment to Security
  • Provide a Baseline and Roadmap for Security Controls
  • Demonstrate Due Diligence
  • All Pertinent Security Control Information Communicated
  • Realistic – Manageable
  • Enforceable

  14. Security Awareness
  • A well-trained user will assist your security efforts
  • Time needs to be invested in user training
  • A well-trained user usually requires less help desk support

  15. Access & Authorization
  • Weak Passwords
  • Sharing Accounts
  • Not Enforced
  • Easy to Exploit
  • Prevention
    • Strong Security Policies
    • Utilize OS Complex Password Configuration
    • Implement Technical Authorization, Authentication and Accounting Mechanisms (AAA)
    • Implement Two-Factor Authentication

  16. Patch Management
  • Hard to Manage
  • Shorter Window of Opportunity
  • Exploits are coming too fast
  • Can Break Systems
  • Requires Resources
  • Prevention
    • Strong Patch Management Mechanisms – Automate
    • Add Intrusion Prevention Mechanisms

  17. Mis-Configured Systems
  • Ensure Only Needed, Up-to-Date Services Run
  • Strengthen SNMP Community Strings
  • Secure Wireless Networks
  • Remove Default Settings
  • Filter Outgoing Access at the Firewall

  18. Encryption / Digital Signatures Protect Against:
  • Forging
  • Impersonation / Spoofing
  • Eavesdropping
  • Intercepting
  • Denial of Receipt or Send (Non-Repudiation)

  19. Incident Handling Process
  • Intrusion Prevention/Detection
  • Anti-virus Mechanisms
  • Logging/Auditing
  • Strong Policies and Documentation

  20. Disaster Recovery & Business Continuity
  • Formal Plan
  • Prioritized Systems
  • Standard Backup Process
  • Tested Backups
  • Redundant Systems

  21. Physical Safeguards
  • Visitor Badges
  • Building & Data Center Access/Monitoring
  • Fire Prevention/Suppression & Detection
  • UPS Testing and Load

  22. Intentional Bypassing of Security Controls
  • Installing
    • Modems
    • Wireless Networks
    • GoToMyPC or other remote access tools
    • Unauthorized Software – Games, Screensavers, etc.
  • Prevention
    • Strong Security Policies
    • Centralized and Managed Intrusion Prevention Mechanisms
    • Implement Network Admission Control

  23. Importance of NIST & ISO-17799
  • National Institute of Standards & Technology (NIST) Referenced Throughout Most Regulations
  • Policies and Procedures Are Critical to NIST Best Practices
  • ISO-17799 is the Industry Recognized Standard for Security
  • ISO-17799 Covers 10 Areas of Security
  • Each ISO-17799 Area Has Individual Security Items
  • If You Follow NIST and ISO-17799 You Would Have a Strong Security Posture and Should Pass Almost Every Audit
  • Combine NIST 800-26 Levels and ISO-17799

  24. ISO-17799 Covered Areas
  • Security Policies
  • Organizational Security
  • Asset Classification & Control
  • Personnel Security
  • Physical and Environmental Security
  • Communications & Operations Management
  • Access Control
  • System Development & Maintenance
  • Business Continuity Management
  • Compliance

  25. NIST Legend
  • Level 1 – control objective documented in a security policy
  • Level 2 – security controls documented as procedures
  • Level 3 – procedures have been implemented
  • Level 4 – procedures and security controls are tested and reviewed
  • Level 5 – procedures and security controls are fully integrated into a comprehensive program

  26. ISO-17799 Graph Sample
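As an added example (not from the presentation or its authors), the following Python scores the ten ISO-17799 areas of slide 24 on the NIST 800-26 levels of slide 25 and produces the gap list behind a per-area graph like the one on slide 26. The assessment values are constructed, and the target level of 3 and the weakest-link posture rule are assumptions, not part of either standard.

```python
NIST_LEVELS = {  # NIST 800-26 levels as listed on slide 25
    1: "control objective documented in a security policy",
    2: "security controls documented as procedures",
    3: "procedures have been implemented",
    4: "procedures and security controls are tested and reviewed",
    5: "procedures and controls fully integrated into a comprehensive program",
}
ISO_17799_AREAS = (  # the ten areas from slide 24
    "Security Policies", "Organizational Security", "Asset Classification & Control",
    "Personnel Security", "Physical and Environmental Security",
    "Communications & Operations Management", "Access Control",
    "System Development & Maintenance", "Business Continuity Management", "Compliance",
)
SAMPLE_ASSESSMENT = {  # constructed values for a hypothetical organization
    "Security Policies": 2, "Organizational Security": 3, "Asset Classification & Control": 1,
    "Personnel Security": 3, "Physical and Environmental Security": 4,
    "Communications & Operations Management": 3, "Access Control": 2,
    "System Development & Maintenance": 1, "Business Continuity Management": 2, "Compliance": 3,
}

def validate(scores):
    """Refuse to report on an incomplete or out-of-range assessment."""
    missing = set(ISO_17799_AREAS) - set(scores)
    bad = {a: lvl for a, lvl in scores.items() if lvl not in NIST_LEVELS}
    if missing or bad:
        raise ValueError(f"unscored areas {sorted(missing)}, bad levels {bad}")

def gap_report(scores, target=3):
    """Areas below the target level, largest gap first, ties alphabetical."""
    validate(scores)
    gaps = [(a, lvl, target - lvl) for a, lvl in scores.items() if lvl < target]
    return sorted(gaps, key=lambda g: (-g[2], g[0]))

def posture_level(scores):
    """Weakest-link rule (assumption): posture equals the lowest-scored area."""
    validate(scores)
    return min(scores.values())

def graph_lines(scores):
    """Text form of the per-area bar graph: one '#' per achieved level."""
    validate(scores)
    return [f"{a:<40} {'#' * scores[a]:<5} L{scores[a]}" for a in ISO_17799_AREAS]

if __name__ == "__main__":
    print("\n".join(graph_lines(SAMPLE_ASSESSMENT)))
    print("gaps:", gap_report(SAMPLE_ASSESSMENT), "posture:", posture_level(SAMPLE_ASSESSMENT))
```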

  27. Remediation Costs
  • It is important to budget for remediation
  • A security assessment without remediation efforts is a waste of time and money
  • Remediation usually involves resource time and product cost
  • It is important to budget for one-time and recurring costs

  28. Remediation – First Steps
  • Prioritize Risks and Remediation Steps
  • Align Business and IT Strategies
  • Establish Resources – Internal, External, Products
  • Establish Internal SLAs between IT and Business Units

  29. Internet Links & Questions/Answers – Thank You
  • www.berbee.com
  • www.cisco.com
  • www.ibm.com
  • www.microsoft.com
  • www.rsa.com
  • www.gocsi.com
  • www.sans.org
  • www.nist.gov
