KBOM
KBOM - PowerPoint PPT Presentation



PowerPoint Slideshow about 'KBOM' - kerri


Presentation Transcript

Kbom 1336623
Aim

  • Develop a series of Success Factors for infrastructure security

  • Demonstrate the Success Factors in a Physical security analogy

  • Extend the analogy to the Digital world

  • Describe typical faults in infrastructure security


Good Security: Security Success Factors

  • Multiple layers of protection

    • Defence in-depth

    • No direct access to customer data

  • Utilises multiple technologies including

    • Access control

    • Breach detection

    • Auditing or recording key events

  • Should integrate Human and Mechanised systems

  • What is not specifically required is denied


Security Systems

Testing the key success factors in the real world


Good Security: A Physical Analogy

(Diagram labels: Security Camera, Motion Detector, Guard)


Security Success Factors Applied

(Diagram label: Guard)

  • Multiple layers of security

    • “buys” time to repel the attacker and prevents Bert endangering the jewels

  • Multiple technologies including

    • Access control

    • Breach detection

    • Auditing

    • Ensures one fault does not put the crown jewels at risk

  • Use of manual and digital security


E-Security Systems

Relating the digital world to the real world


E-Security Systems

A model that works



Security Success Factors Applied

(Diagram labels: Alert, Corporate Network, Internet, Audit Logs, Security Console, Customer data)

  • Interface of manual and digital security

  • Multiple technologies including

    • Access control

    • Breach detection

    • Auditing

    • Ensures one fault does not put the crown jewels at risk

  • Multiple layers of security

    • “buys” time to repel the attacker and prevents Bert endangering the jewels

    • Customer data not in DMZ



Common Faults: Overall Configuration & Design

  • No proper design documentation – only a collection of clip-art

  • No IP addresses or server details etc.

  • Too much new and diverse technology – multiple UNIX and multiple Windows OS versions make it operationally unviable

  • Design rules applied with no understanding, so for example multiple firewalls provide no extra protection

  • No desk check done!!!!!

  • Data checking in downloaded scripts

  • Authentication flawed or SPI unencrypted

  • No centralised time server or logging server

  • No administration access or terminal servers, so when things go wrong it is impossible to get access

  • Standing data stored in DMZ only protected by 1 layer of security

(Diagram labels: Internet; Perimeter Firewall; Web Server; Application Server; Internal Firewall; Intranet; Corporate Databases; Customer Data; Enterprise Systems; Databases; Certification Authority; Bank. Annotations: Encrypted information securely transferring over the Internet; Further protection of the Intranet; Authentication and permissions (?); Merchant securely identified via Certificates; Central role of the application server that will connect to all data sources; SET payment protocol that sends the user’s details directly to the bank; User securely identified via certificates.)


Common Faults: Router

(Diagram labels: Corporate Network, Internet, Audit Logs)

  • Access lists absent, incomplete or applied to the wrong interface

  • SNMP open with community string of public & ... (go on, have a guess)

  • Telnet open – allowing unrestricted terminal access to the internet

  • Small services open

And even if the perimeter router isn’t yours:

WHO PAYS THE PRICE IF IT IS HACKED?


Bad Config - Router (1 of 1)

    pants#show startup-config
    hostname pants
    enable password cisco
    interface Serial0/0
     ip address 194.117.132.10 255.255.255.252
    interface FastEthernet1/0
     ip address 192.188.144.81 255.255.255.252
    ip route 0.0.0.0 0.0.0.0 194.117.132.9
    ip route 192.193.97.65 255.255.255.255 195.188.144.82
    snmp-server community public RO
    snmp-server community private RW
    line con 0
    line aux 0
    line vty 0 4
     password cisco
     login
    !


After


After - Router (1 of 2)

    service password-encryption
    no service udp-small-servers
    no service tcp-small-servers
    hostname pants
    enable secret 5 $1$s1gN$TDLK8LhaSdgKlDUpR84OY1
    enable password notused
    !
    interface Serial0/0
     ip address 192.117.132.10 255.255.255.252
     ip access-group 102 in
    !
    interface FastEthernet1/0
     ip address 195.188.144.81 255.255.255.0
     ! ip access-group 103 in


After - Router (2 of 2)

    ! Management controls
    access-list 1 permit 193.193.97.65
    access-list 1 permit 193.193.116.0 0.0.0.255
    !
    ! Spoof & rfc 1918 filter
    access-list 102 deny ip 195.188.144.0 0.0.0.255 any
    access-list 102 deny ip 10.0.0.0 0.255.255.255 any
    !
    ! Traffic filter
    access-list 102 permit tcp any host 195.188.144.68 eq www
    access-list 102 permit tcp any host 195.188.144.66 eq smtp
    access-list 102 permit ip any host 195.188.144.66
    !
    ! Egress rules
    access-list 103 permit ip 195.188.144.0 0.0.0.255 any
    access-list 103 deny ip any any
    !
    snmp-server community x1xx RO 1
    snmp-server community x1xx RW 1
    line con 0
     password GMxQttt98
     login
    line aux 0
    line vty 0 4
     access-class 1 in
     password Tmtttts
     login


Common Faults - Firewalls

(Diagram labels: Corporate Network, Internet, Audit Logs)

  • No anti-spoofing

  • Default passwords, rules or config

  • Unused services

  • Rules confused and undocumented

  • No consideration given to error logging or the return connection (which can stop many hacks!!!)

  • Changes to the configuration not logged

  • No reporting of authorisation failures


Before - PIX (1 of 3)

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname firewall
    fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol smtp 25
    fixup protocol h323 1720
    fixup protocol sqlnet 1521
    names
    pager lines 24
    no logging console
    no logging monitor
    no logging buffered errors
    no logging trap
    logging facility 20


Before - PIX (2 of 3)

    interface ethernet0 auto
    interface ethernet1 auto
    ip address outside 11.73.2.222 255.255.255.0
    ip address inside 11.73.7.251 255.255.255.0
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 11.73.1.2 161.73.1.2 netmask 255.255.255.255 0 0
    static (inside,outside) 11.73.1.1 161.73.1.1 netmask 255.255.255.255 0 0
    conduit permit tcp host 11.73.1.1 eq smtp any
    conduit permit tcp host 11.73.1.2 eq www any
    conduit permit tcp host 11.73.1.2 eq telnet any


Before - PIX (3 of 3)

    apply (inside) 11 outgoing_src
    rip outside passive
    rip outside default
    rip inside passive
    rip inside default
    route outside 0.0.0.0 0.0.0.0 161.73.2.234 1
    no snmp-server location
    no snmp-server contact
    snmp-server community public
    no snmp-server enable traps
    telnet 11.73.140.99 255.255.255.255
    telnet timeout 5
    floodguard 1
    Cryptochecksum:8c7bc2b51a5bd78305c83a14f13e9c7b


After


After - PIX (1 of 3)

    nameif ethernet0 outside security0
    nameif ethernet1 inside security100
    hostname firewall
    no fixup protocol ftp 21
    fixup protocol http 80
    fixup protocol smtp 25
    no fixup protocol h323 1720
    no fixup protocol sqlnet 1521
    names
    pager lines 24
    no logging console
    logging host 192.2.2.1
    logging trap 3
    logging facility 20


After - PIX (2 of 3)

    interface ethernet0 auto
    interface ethernet1 auto
    ip address outside 11.73.2.222 255.255.255.0
    ip address inside 11.73.7.251 255.255.255.0
    nat (inside) 0 0.0.0.0 0.0.0.0 0 0
    static (inside,outside) 11.73.1.2 161.73.1.2 netmask 255.255.255.255 0 0
    static (inside,outside) 161.73.1.1 161.73.1.1 netmask 255.255.255.255 0 0
    conduit permit tcp host 11.73.1.1 eq smtp any
    conduit permit tcp host 11.73.1.2 eq www any
    conduit permit tcp host 11.73.1.2 eq telnet any
    outbound 11 permit 11.73.0.0 255.255.0.0 smtp tcp
    outbound 11 deny 11.73.0.0 255.255.0.0 www tcp
    apply (inside) 11 outgoing_src


After - PIX (3 of 3)

    rip outside passive
    rip outside default
    rip inside passive
    rip inside default
    route outside 0.0.0.0 0.0.0.0 161.73.2.234 1
    no snmp-server location
    no snmp-server contact
    no snmp-server community public
    no snmp-server enable traps
    telnet 11.73.140.99 255.255.255.255
    telnet timeout 5
    floodguard 1
    Cryptochecksum:8c7bc2b51a5bd78305c83a14f13e9c7b
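The router and firewall faults in the slides above (default SNMP community strings, unrestricted vty/telnet, access lists missing or commented out, small services, no remote logging, an outbound list applied without any rules) are all things a desk check can find mechanically. The Python script below is an added example and is not part of the presentation or any vendor tool: it audits short excerpts of the before/after router and PIX configs shown on the slides (the excerpts are constructed from those slides and are not the full configs) and returns one finding per fault. The check list and wording are this example's own.

```python
"""Audit excerpts of Cisco IOS router and PIX firewall configs for the faults the
slides list: default SNMP strings, open vty/telnet, missing access lists, small
services, no remote logging, an outbound list applied without rules."""
import re

# RFC 1918 networks with IOS wildcard masks, used by the anti-spoof check
RFC1918 = [("10.0.0.0", "0.255.255.255"), ("172.16.0.0", "0.15.255.255"),
           ("192.168.0.0", "0.0.255.255")]


def audit_ios(config):
    """Return one finding string per fault found in an IOS router config."""
    cfg = re.sub(r"^[ \t]*!.*\n", "", config + "\n", flags=re.M)  # drop '!' comments
    tops = [l for l in cfg.splitlines() if l and not l[0].isspace()]
    out = []
    if not any(t.startswith("enable secret") for t in tops):
        out.append("no 'enable secret' (only the reversible 'enable password')")
    if "service password-encryption" not in tops:
        out.append("'service password-encryption' missing")
    for svc in ("tcp", "udp"):
        if f"no service {svc}-small-servers" not in tops:
            out.append(f"{svc} small services not disabled")
    for name in re.findall(r"^snmp-server community (public|private)\b", cfg, re.M | re.I):
        out.append(f"default SNMP community '{name}'")
    # interface / vty stanzas: header line plus the indented lines beneath it;
    # a commented-out 'ip access-group' was stripped above, so it does not count
    for head, body in re.findall(r"^((?:interface|line vty)[^\n]*)\n((?:[ \t]+[^\n]*\n)*)", cfg, re.M):
        need = "ip access-group" if head.startswith("interface") else "access-class"
        if need not in body:
            out.append(f"{head}: no {need} applied")
    denies = " ".join(t for t in tops if t.startswith("access-list") and " deny ip " in t)
    for net, wild in RFC1918:
        if f"{net} {wild}" not in denies:
            out.append(f"anti-spoof filter does not deny {net}")
    return out


def audit_pix(config):
    """Return one finding string per fault found in a PIX 6.x-style config."""
    lines = [l.strip() for l in config.splitlines() if l.strip() and not l.lstrip().startswith("!")]
    out = []
    if "snmp-server community public" in lines:
        out.append("default SNMP community 'public'")
    if "no logging trap" in lines or not any(l.startswith("logging host") for l in lines):
        out.append("no syslog host / trap logging: failures leave no audit trail")
    for host in re.findall(r"^[ \t]*conduit permit tcp host (\S+) eq telnet any$", config, re.M):
        out.append(f"telnet to {host} reachable from any source")
    applied = set(re.findall(r"^[ \t]*apply \(\S+\) (\d+)", config, re.M))
    defined = set(re.findall(r"^[ \t]*outbound (\d+) ", config, re.M))
    for n in sorted(applied - defined):
        out.append(f"outbound list {n} is applied but has no rules")
    return out


# Constructed excerpts of the slides' before/after configs (not the full configs)
BEFORE_ROUTER = """\
enable password cisco
interface Serial0/0
snmp-server community public RO
snmp-server community private RW
line vty 0 4
 password cisco
"""
AFTER_ROUTER = """\
service password-encryption
no service udp-small-servers
no service tcp-small-servers
enable secret 5 $1$s1gN$TDLK8LhaSdgKlDUpR84OY1
interface Serial0/0
 ip access-group 102 in
interface FastEthernet1/0
 ! ip access-group 103 in
access-list 102 deny ip 195.188.144.0 0.0.0.255 any
access-list 102 deny ip 10.0.0.0 0.255.255.255 any
snmp-server community x1xx RO 1
line vty 0 4
 access-class 1 in
"""
BEFORE_PIX = """\
no logging trap
conduit permit tcp host 11.73.1.2 eq www any
conduit permit tcp host 11.73.1.2 eq telnet any
apply (inside) 11 outgoing_src
snmp-server community public
"""
AFTER_PIX = """\
logging host 192.2.2.1
conduit permit tcp host 11.73.1.2 eq www any
conduit permit tcp host 11.73.1.2 eq telnet any
outbound 11 permit 11.73.0.0 255.255.0.0 smtp tcp
apply (inside) 11 outgoing_src
no snmp-server community public
"""

if __name__ == "__main__":
    for label, fn, cfg in [("router before", audit_ios, BEFORE_ROUTER), ("router after", audit_ios, AFTER_ROUTER),
                           ("pix before", audit_pix, BEFORE_PIX), ("pix after", audit_pix, AFTER_PIX)]:
        print(f"{label}: {fn(cfg) or 'no findings'}")
```

Run against the "after" excerpts the audit still reports something, which is the reason for a desk check rather than trusting that a config was "fixed": the router's egress list on FastEthernet1/0 is commented out (`! ip access-group 103 in`), the anti-spoof filter denies 10.0.0.0/8 but not the other two RFC 1918 ranges (172.16.0.0/12 and 192.168.0.0/16), and the "after" PIX config still carries `conduit permit tcp host 11.73.1.2 eq telnet any`.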




Common Faults - Web Server

(Diagram labels: Corporate Network, Internet, Audit Logs)

  • Whoops – SSL is not enabled

  • Critical data in the DMZ – classic example of pointless multiple layers

  • Default CGI scripts or administration servlets only protected by simple (default!!) passwords

  • Developer SDK and documentation available

  • Operating systems not properly hardened and configured


Common Faults - Applications

(Diagram labels: Corporate Network, Internet, Audit Logs)

  • Confidential screens and information (perhaps passwords) unencrypted – in the URL or in cookies

  • Passwords used for high-value transactions

  • Application authorization that “should work” (as long as you don’t try it)

  • No proper application logging or alerting – making fraud easy
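The web-server and application faults above leave traces in the access log if anyone looks: credentials in query strings, form submissions over plain HTTP, and a run of 401/403 responses from one client that nobody is alerted about. The Python script below is an added example and not from the presentation. It parses a constructed, simplified log format (client, scheme, request line, status) rather than a real Apache or IIS format, the sample lines are constructed, and the sensitive parameter-name list and the failure threshold are this example's own choices.

```python
"""Scan web access-log lines for the application faults on the slides: secrets
carried in the URL, form posts served without TLS, and runs of authorisation
failures that nobody is alerted about."""
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed log format for this example (not Apache or IIS):
#   client scheme "METHOD target HTTP/x.y" status
LINE = re.compile(r'^(?P<ip>\S+) (?P<scheme>https?) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$')
# Parameter names that should never travel in a query string; substring match,
# so short names such as 'pin' are deliberately left out (they would match 'shipping')
SENSITIVE = ("password", "passwd", "pwd", "secret", "token", "session", "cardnumber", "ssn")


def parse_line(line):
    """Return the log fields as a dict, or None for a line that does not match."""
    m = LINE.match(line.strip())
    return m.groupdict() if m else None


def sensitive_params(target):
    """Names of query parameters in a request target that look like credentials."""
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [k for k, _ in pairs if any(w in k.lower() for w in SENSITIVE)]


def scan(log_text, fail_threshold=3):
    """Return {'findings': [...], 'alerts': [...]} for a block of log lines."""
    findings, denied, malformed = [], Counter(), 0
    for n, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            malformed += 1
            continue
        path, bad = urlsplit(rec["target"]).path, sensitive_params(rec["target"])
        if bad:
            findings.append(f"line {n}: {', '.join(bad)} sent in the URL of {path} "
                            "(recorded in logs, proxies and browser history)")
        # plain http is reported when it carries credentials or a form submission
        if rec["scheme"] == "http" and (bad or rec["method"] == "POST"):
            findings.append(f"line {n}: {rec['method']} {path} served without TLS")
        if rec["status"] in ("401", "403"):
            denied[rec["ip"]] += 1
    alerts = [f"{ip}: {c} authorisation failures" for ip, c in denied.most_common()
              if c >= fail_threshold]
    if malformed:
        alerts.append(f"{malformed} unparseable line(s): check the log format before trusting this report")
    return {"findings": findings, "alerts": alerts}


# Constructed sample log (documentation IP ranges), not from a real server
LOG = """\
203.0.113.7 https "GET /account/summary HTTP/1.1" 200
203.0.113.7 http "GET /login?user=alice&password=hunter2 HTTP/1.1" 302
203.0.113.7 https "POST /transfer HTTP/1.1" 200
198.51.100.9 https "GET /statements/9001 HTTP/1.1" 403
198.51.100.9 https "GET /statements/9002 HTTP/1.1" 403
198.51.100.9 https "GET /statements/9003?format=csv HTTP/1.1" 403
198.51.100.9 https "GET /statements/9004 HTTP/1.1" 401
192.0.2.44 http "POST /feedback HTTP/1.1" 200
192.0.2.44 https "GET /help?topic=password-reset HTTP/1.1" 200
truncated line that does not match the format
"""

if __name__ == "__main__":
    report = scan(LOG)
    print("\n".join(report["findings"] + ["ALERT " + a for a in report["alerts"]]))
```

The parameter check matches names, not values, so `/help?topic=password-reset` is not reported while `/login?...&password=...` is. The unparseable-line count is surfaced as an alert on purpose: a scanner that silently skips lines it cannot read is the application-logging fault in another form.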


Common Faults - IDS

(Diagram labels: Corporate Network, Internet, Audit Logs)

  • Focusing on known attacks rather than anomalous traffic

  • Not updating it regularly

    • Attacks emerge every day

  • Encryption

    • Encryption is our friend – but if you install a network-based IDS to monitor encrypted traffic, what is it

  • Putting them in the wrong place

    • You don’t put a motion detector outside your house


KBOM