Security Awareness Training by Fortinet

Published in: Business, Technology, Education

Speaker notes:
  • (The purpose of this slide is to educate customers on why they need both technologies):
    McAfee Intrusion Prevention delivers business availability by reliably stopping known and unknown attacks on your IT infrastructure.
    Industry’s most comprehensive intrusion prevention solution, protecting servers to desktops and network core to edge from the threat of known, zero-day and encrypted attacks.
    Utilizing the complementary, overlapping technologies of Entercept and IntruShield, customers benefit from the best of both products:
    – McAfee Entercept 5.0
      · Firewall and host IPS integration
      · Behavioral rules & signatures
      · Application-specific protection
    – McAfee IntruShield 2.1
      · Firewall and network IPS integration
      · Protection against encrypted attacks
      · Host & network IPS event integration
    Why customers need both:
    – Network IPS has broad network visibility and is the ideal place to detect and block malicious traffic before it can arrive at a host:
      · Frees up host IPS from having to process high volumes of suspicious traffic
      · Platform & application independence means broad coverage for a heterogeneous environment
      · Ease of deployment of protection
    – Host IPS is the ‘last line of defense’ for attacks that evade other tools, ensuring protection when all other tools fail. Some traffic may avoid detection by NIPS:
      · A contractor plugging into a segment that is behind a NIPS sensor and attacking a server farm
      · VPN/IPsec encrypted traffic that appears normal to NIPS
      · A local attack at the server itself
  • We’re talking about network PROTECTION, which is broader than just SECURITY

    1. Security Awareness. Termphong Tanakulpaisal, Technical Manager, IT Distribution Co., LTD
    2. Agenda
       • Introduction to network security
         – How many types of assets are there in an IT system?
         – Which is the most important asset?
         – Why protect information? (the most important one)
         – So we need information security
         – How to achieve information security >> CIA concept
         – Key success factor summary
       • Network threats
         – What is a threat? Examples
         – How to overcome threats? (with the security protection concept)
         – How to overcome threats? (with tools)
       • Network based protection system
       • Host based protection system
       • Case Study
    3. Company Assets
       • Hardware (physical assets)
       • Software
       • System interfaces (e.g., internal and external connectivity)
       • Data and information
       • Persons who support and use the IT system
       • System mission (e.g., the processes performed by the IT system)
       • System and data criticality (e.g., the system’s value or importance to an organization)
       • System and data sensitivity
       » NIST SP 800-30
    4. Information Assets
       • Information is an asset which, like other important business assets, has value to an organization and consequently needs to be suitably protected
       » ISO/IEC 17799:2000
    5. Why Information Assets are the most important?
       • Business Requirements
         – Client / customer / stakeholder
         – Marketing
         – Trustworthiness
         – Internal management tool
       • Legal Requirements
         – Revenue Department
         – Stock Exchange of Thailand
         – Copyright, patents, ....
       [Diagram labels: Business Continuity Management; Compliance with Legal Requirement]
    6. Why Information Assets are the most important? (2)
       • Contractual Security Obligations
         – Intranet connections to other BUs
         – Extranets to business partners
         – Remote connections to staff
         – VPN
         – Customer networks
         – Supplier chains
         – SLA, contracts, outsourcing arrangements
         – Third party access
       [Diagram labels: Information Security; Infrastructure]
    7. Why we need information Security?
       • Information security protects information from a wide range of threats in order to
         – Ensure business continuity
         – Minimize business damage
         – Maximize ROI and business opportunities
       • Business: stable service to customers
       • Education: availability of resources and integrity of information, e.g. grades, profiles, etc.
       » ISO/IEC 17799:2000 page iii, Introduction
    8. How much should we spend on IT security?
       Q: How much should each company spend or plan for their Information System?
       A: …………… Baht / year
       Q: How much should each company spend or plan for their Information Security?
       A: …………… Baht / year
    9. Why we need information Security? (2): Business Impact Analysis
       How much does it cost per hour if people in your organization cannot access their information? (Business Impact Analysis)
       One big organization -> approx. 10 mil / day -> working hours 8 hrs -> 1.25 mil / hr -> 10% margin = 125k / hr
       If we have 10 salespersons, it means we lose 12,500 baht / hr if 1 salesperson can’t access their information
    10. …. some more calculations…
       • 100 people start their day clearing junk mail; each receives 20 junk mails per day, and each mail needs 10 seconds to open/read/delete
       • Each of these staff earns on average THB 18,000 income/month from the company
         – Company pays THB 102.27/staff/hr
         – 100 people x 10 sec/mail x 20 mails/day x 220 days/yr = 1,222.2 hrs/year
         – Company pays for this “clearing junk mail” 125,000 Baht/year
       • Do you believe that
         – There are only 20 junk mails per day?
         – Average time spent is only 10 seconds/junk mail?
         – You pay only 18,000 Baht/month?
    11. …. some more calculations…
       • What is a typical cost when the system is attacked by a virus / worm?
         – Amount of data destroyed and its cost
         – Man-hours of support staff to clean the virus
         – Idle time of other staff waiting for the system to come back
         – Your customers’ satisfaction
         – Your company’s reputation
       -> So, a company spends …….. Baht each time a virus attacks
    12. Security Concept
       • Security is the preservation of confidentiality, integrity and availability of information
       • Confidentiality – ensuring that information is accessible only to those authorized to have access
       • Integrity – safeguarding the accuracy and completeness of information and processing methods
       • Availability – ensuring that authorized users have access to information and associated assets when required
       » BS 7799-2:2002 page 3, 3.1, 3.2, 3.3
    13. Key success factors to obtain CIA
       • Policy/Process/Procedure
         – Clear
         – Coverage
         – Compliance – legal, standards, guidelines etc.
       • People
         – Awareness (e.g. password on screen)
         – Discipline
       • Technology
         – Enablers
         – Management tools
    14. What is a Threat?
       • Could be anything that harms your system, e.g.
         – User
         – Hacker / cracker
         – Virus
         – Spam
         – Etc.
    15. Key Factors Driving Threats over the Network
       • Internet connection speeds are increasing for SMBs as prices and technology improve:
         – DSL, cable modem, T1 (business class connection services)
       • Increase in real-time Internet applications
         – Web apps, VoIP, downloads, etc. require real-time security processing
       • Everything becomes online
    16. Today’s threats to your IT system
       • Non-computerized system
         – Masquerade
         – Social engineering
         – Theft
         – System malfunction (disaster, power interruption)
       • IT network threats
         – Network level
         – Application level
    17. Threat – Network Level
       • Denial of Service – services are disabled by excessive workload
       • Information sniffing – information is tapped and viewed by an unauthorized person
       • Unauthorized access – a low-level worker can access critical information
    18. Sample of Threats: Snooping
       [Diagram: Telnet session from 202.104.10.5 to 203.152.145.121. The prompt “username: daeng password:” and the password itself, m-y-p-a-s-s-w-o-r-d, cross the wire in clear text and are read off by the snooper]
    19. Sample of Threats (cont.): 3-way handshake
       [Diagram: client to WWW server: SYN REQ -> SYN ACK -> ACK, followed by DATA TRANSFER]
    20. Sample of Threats (cont.): SYN attack
       [Diagram: Attacker 202.104.10.5 and WWW server 203.152.145.121 across the Internet. (1) SYN REQ D=203.152.145.121 S=202.104.10.5; (2) SYN ACK D=202.104.10.5 S=203.152.145.121; the server then sits in WAIT for a final ACK that never arrives]
    21. Sample of Threats (cont.): Smurf Attack
       [Diagram: ICMP REQ D=192.168.1.255 S=203.152.149.2 sent to the broadcast address of the 192.168.1.0 network; hosts 192.168.1.1 through 192.168.1.8 each answer with ICMP REPLY D=203.152.149.1, and all the replies converge on 203.152.149.1 across the Internet]
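Slides 19 to 21 show what a completed handshake, a SYN flood and a smurf flood look like on the wire. The following Python is an added example written for this page, not code from the deck or from Fortinet; it replays the three diagrams as constructed packet records and runs the two checks a network IDS would apply to them: counting SYNs that never receive the client's final ACK (half-open connections, the slide 20 pattern) and spotting ICMP echo requests aimed at a broadcast address plus bursts of echo replies converging on one host (the slide 21 pattern). The packet records, the thresholds and the /24 subnet size are assumptions chosen for the example.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed packet records modelled on the deck's three diagrams (slides 19-21);
# not real captures. Each tuple is (src, dst, proto, flag).
PACKETS = [
    # slide 19: a normal client completes the 3-way handshake with the WWW server
    ("10.0.0.7", "203.152.145.121", "tcp", "SYN"),
    ("203.152.145.121", "10.0.0.7", "tcp", "SYN-ACK"),
    ("10.0.0.7", "203.152.145.121", "tcp", "ACK"),
    # slide 20: the attacker sends SYNs and never answers the SYN-ACK
    *[("202.104.10.5", "203.152.145.121", "tcp", "SYN") for _ in range(25)],
    # slide 21: one echo request to the 192.168.1.0/24 broadcast address,
    # and every host on that network replies to 203.152.149.1
    ("203.152.149.2", "192.168.1.255", "icmp", "ECHO-REQ"),
    *[(f"192.168.1.{i}", "203.152.149.1", "icmp", "ECHO-REPLY") for i in range(1, 9)],
]

SYN_THRESHOLD = 20      # half-open SYNs per server before we alert (assumed tuning)
REPLY_THRESHOLD = 5     # echo replies to one host before we alert (assumed tuning)
BROADCAST_PREFIX = 24   # assumed subnet size for the broadcast-address check


def half_open_per_server(packets):
    """Count, per server, SYNs whose (client, server) pair never sent a final ACK."""
    syns = Counter()
    acked = set()
    for src, dst, proto, flag in packets:
        if proto != "tcp":
            continue
        if flag == "SYN":
            syns[(src, dst)] += 1
        elif flag == "ACK":
            acked.add((src, dst))
    half_open = Counter()
    for (src, dst), n in syns.items():
        if (src, dst) not in acked:
            half_open[dst] += n
    return half_open


def syn_flood_alerts(packets, threshold=SYN_THRESHOLD):
    """Servers holding at least `threshold` half-open connections (slide 20 pattern)."""
    return {dst for dst, n in half_open_per_server(packets).items() if n >= threshold}


def smurf_alerts(packets, threshold=REPLY_THRESHOLD, prefix=BROADCAST_PREFIX):
    """Smurf indicators: echo requests aimed at a broadcast address, and reply floods."""
    alerts = []
    replies = Counter()
    for src, dst, proto, flag in packets:
        if proto != "icmp":
            continue
        if flag == "ECHO-REQ":
            net = ip_network(f"{dst}/{prefix}", strict=False)
            if ip_address(dst) == net.broadcast_address:
                alerts.append(("broadcast-request", dst, src))
        elif flag == "ECHO-REPLY":
            replies[dst] += 1
    for victim, n in replies.items():
        if n >= threshold:
            alerts.append(("reply-flood", victim, n))
    return alerts


if __name__ == "__main__":
    print("SYN flood targets:", syn_flood_alerts(PACKETS))
    for alert in smurf_alerts(PACKETS):
        print("smurf indicator:", alert)
```

The legitimate client on slide 19 is not counted because its final ACK closes the handshake; only the attacker's 25 unanswered SYNs push the server over the threshold. The usual mitigations sit exactly where these checks do: SYN cookies or SYN proxying on the server or firewall for the first pattern, and disabling directed broadcasts on routers together with ingress filtering of spoofed source addresses for the second.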
    22. Threat – Application Level – Virus
       • Virus vs Worms..?
         – Virus
           • Viruses are computer programs that are designed to spread themselves from one file to another on a single computer.
           • A virus might rapidly infect every application file on an individual computer, or slowly infect the documents on that computer,
           • but it does not intentionally try to spread itself from that computer to other computers.
         – Worms
           • Worms, on the other hand, are insidious
           • because they rely less (or not at all) upon human behavior in order to spread themselves from one computer to others.
           • The computer worm is a program that is designed to copy itself from one computer to another over a network (e.g. by using e-mail).
    23. Threat – Application Level – Spam Mail
       • E-mail spoofing – pretending to be someone, e.g. bill_gate@microsoft.com
       • Spam mail – unsolicited or unwanted e-mail, or phishing
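Slide 23 says a spoofed mail "pretends to be someone", and the From header is all a user sees. The Python below is an added example for this page, not code from the deck or from Fortinet; it uses the standard library's email parser on two constructed messages (the spamcorp.example domain and both message bodies are placeholders) and applies the two header checks a mail gateway makes before the user ever reads the mail: whether the envelope sender in Return-Path belongs to the same domain as the From address, which is the alignment idea behind SPF and DMARC, and whether a Reply-To header quietly redirects replies to a third domain.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages (not real mail). The first imitates the deck's
# "pretend to be bill_gate@microsoft.com" case; spamcorp.example is a placeholder domain.
SPOOFED = """\
Return-Path: <bounce@spamcorp.example>
From: "Bill Gates" <bill_gate@microsoft.com>
Reply-To: <collect@spamcorp.example>
To: daeng@example.co.th
Subject: Please confirm your account

Click the link below to keep your account active.
"""

LEGIT = """\
Return-Path: <it@example.co.th>
From: IT Department <it@example.co.th>
To: daeng@example.co.th
Subject: Patch reminder

Please reboot after applying this month's security patches.
"""


def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw_message):
    """Header checks a mail gateway (or an awareness trainer) can point to.

    Return-Path (the SMTP envelope sender) versus From (what the user sees) is
    the alignment that SPF/DMARC evaluation is built around; a Reply-To pointing
    at a third domain is the classic way replies are diverted to the spammer.
    """
    msg = message_from_string(raw_message)
    from_domain = domain_of(msg.get("From"))
    return_path_domain = domain_of(msg.get("Return-Path"))
    reply_to_domain = domain_of(msg.get("Reply-To"))

    indicators = []
    if return_path_domain and return_path_domain != from_domain:
        indicators.append(
            f"Return-Path domain {return_path_domain} does not match From domain {from_domain}")
    if reply_to_domain and reply_to_domain != from_domain:
        indicators.append(
            f"Reply-To domain {reply_to_domain} does not match From domain {from_domain}")
    return indicators


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, spoofing_indicators(raw) or ["no indicators"])
```

Both findings are indicators rather than verdicts: mailing lists and forwarders legitimately produce a Return-Path on another domain, which is why production gateways confirm the mismatch with SPF and DKIM verification before acting on it. For the awareness audience the point is the same as the slide's: the display name and address in From prove nothing by themselves.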
    24. Threat – Application Level – Desktop
       • Desktop threats
         – Viruses, worms, Trojans, backdoors
         – Cookies
         – JavaScript and Java applets
         – Zombie networks
         – Key loggers (online games)
    25. How to overcome Threats?
       • We need “controls”, which are
         – Policy & process security controls to provide guidelines and a framework
         – People, to control user behavior
         – Technology, which will be the tool to enforce policy throughout the organization effectively.
    26. Policy & Process Control
       • Policy compliance – ISO 17799
       • Compliance checking – CobiT audit tools
       • NIST security standard guidelines – NIST 800 series
       • Organization control – Business Continuity Plan
    27. People Control
       • Security awareness training
       • Security learning continuum – awareness, training, education
       • Responsibility control – need-to-know basis
    28. People Control – Example (2)
       • Don't install free utilities on your computer
       • Run the current version of supported antivirus software and set it for regular, automatic updates
       • Assign a complex, hard-to-guess password to your computer (on-screen, pool)
       • Be alert for "phishing" scams that can result in identity theft
       • Promptly apply security "patches" for your operating system
       • Activate your system’s firewall (Windows XP & Macintosh OS X)
    29. Technology Control
       • Computer security is the process of preventing and detecting unauthorized use of your computer
       • Prevention measures help you stop unauthorized users (intruders) from accessing any part of your computer network
       • Detection helps you determine whether or not someone attempted to break into your system, whether they were successful, and what they may have done
       • Network and host based security – security devices (hardware) or security software
    30. Network Security Protection
       • Firewall (access control)
       • IDS/IPS
       • VPN & SSL VPN (data encryption)
       • Anti-spam (preventing unwanted email)
       • QoS (Quality of Service – bandwidth management)
       • Web content filtering
       • IM & P2P
    31. Firewall (Access Control)
       [Diagram of traffic types crossing the firewall: web traffic (customers, partners, employees); email traffic; applications/web services traffic (partners, customers, internal); remote user VPN traffic (remote and mobile users); internal security threat (contractors / disgruntled employees)]
    32. Types of firewall
       • Type of firewall
         – Packet filtering
         – Application firewall
         – Stateful inspection
       • Type of implementation
         – Packet filter
         – Screened host
         – Dual-homed host
         – Screened subnet (DMZ)
       [Diagrams: Packet Filter; Screened Host; Dual-homed Host; Screened Subnet]
       References: CISSP Certification
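Slide 32 lists packet filtering and stateful inspection side by side without saying what separates them. The Python below is an added example written for this page, not code from the deck, from Fortinet or from any firewall product; it models both as tiny rule engines and runs the same constructed traffic through each: a workstation's HTTP session to the deck's WWW server, then one unsolicited inbound packet that arrives from source port 80 but belongs to no connection an inside host ever opened. The addresses, port numbers and the rules themselves are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed addresses: an internal workstation, the deck's WWW server, and an outside host
INTERNAL_HOST = "192.168.1.10"
WEB_SERVER = "203.152.145.121"
OUTSIDE_HOST = "202.104.10.5"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str       # e.g. "SYN", "SYN-ACK", "ACK"
    direction: str   # "out" = leaving the LAN, "in" = entering it


class PacketFilter:
    """Stateless packet filtering: every packet is judged alone against static rules."""

    def allow(self, p):
        # rule 1: inside hosts may open HTTP connections
        if p.direction == "out" and p.dport == 80:
            return True
        # rule 2: to let the web server's replies back in, a stateless filter has to
        # permit "anything from port 80 to a high port", with no memory of who asked
        if p.direction == "in" and p.sport == 80 and p.dport >= 1024:
            return True
        return False


class StatefulInspection:
    """Stateful inspection: inbound traffic is allowed only for a flow an inside host opened."""

    def __init__(self):
        self.connections = set()   # (client, client_port, server, server_port)

    def allow(self, p):
        if p.direction == "out" and p.dport == 80:
            if "SYN" in p.flags:
                self.connections.add((p.src, p.sport, p.dst, p.dport))
            return (p.src, p.sport, p.dst, p.dport) in self.connections
        if p.direction == "in":
            # the reply must reverse an entry recorded when the client sent its SYN
            return (p.dst, p.dport, p.src, p.sport) in self.connections
        return False


# Constructed traffic: a legitimate web session, then an unsolicited inbound packet that
# comes from source port 80 but belongs to no connection an inside host ever opened.
TRAFFIC = [
    Packet(INTERNAL_HOST, 40000, WEB_SERVER, 80, "SYN", "out"),
    Packet(WEB_SERVER, 80, INTERNAL_HOST, 40000, "SYN-ACK", "in"),
    Packet(INTERNAL_HOST, 40000, WEB_SERVER, 80, "ACK", "out"),
    Packet(OUTSIDE_HOST, 80, INTERNAL_HOST, 50000, "ACK", "in"),
]


def decisions(firewall, packets):
    """Run the packets through one firewall in order; returns one verdict per packet."""
    return [firewall.allow(p) for p in packets]


if __name__ == "__main__":
    print("packet filter:      ", decisions(PacketFilter(), TRAFFIC))
    print("stateful inspection:", decisions(StatefulInspection(), TRAFFIC))
```

The fourth packet is the whole difference: the stateless filter's reply rule admits it because it looks like a web reply, while the connection table rejects it because nobody inside asked for it. That is why the slide's "Stateful Inspection" type is the baseline for the implementations listed beneath it, whichever topology (screened host, dual-homed host, screened subnet) the firewall sits in.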
    33. Basic Firewall Implementation
    34. Intrusion Detection & Intrusion Prevention Solution
       [Diagram: Host IPS on laptops, desktops and servers against known and zero-day attacks; Network IPS at the core, edge and branch office against DoS/DDoS]
    35. IDS/IPS
       • Detection & prevention system
       • Signature, behavior and anomaly based
    36. Virtual Private Network (VPN)
       • Encryption & decryption
       • Public key & private key
       • Encryption technology
         – DES
         – 3DES
         – AES
    37. Anti-Spam
       Source: Symantec / Brightmail
    38. How serious is spam?
       • Why do they spam?
         – 0.0005$ vs 1.21$ -> 0.02B vs 48.4B
         – 1/100,000 counts as success
       • How much spam is there? <spamcorp.net>
         – ~6 e-mail/sec, 360 e-mail/min, 21,600 e-mail/hr
       • How do they get my e-mail?
         – Webboards, forums, etc.
       • Is spam legal?
       • How to protect yourself from getting spam?
    39. Why Spam Matters for Business
       • Before: a nuisance -> Today: a serious business problem
       1) Lost employee productivity
         – Symptoms: employees deleting spam; employees complaining about spam
         – Business impacts: employees are spending 50 or more hours per year dealing with spam; with anti-spam solutions costing $10-15 per year, a significant positive ROI
       2) Unnecessary IT costs
         – Symptoms: IT administrator salary; mail server CPU; storage; bandwidth
         – Business impacts: IT administrators responding to help desk tickets to fight spam with no tools; spam requiring constant upgrading of mail infrastructure capacity
       3) Phishing and email fraud
         – Symptoms: employees and customers falling victim to fraud and identity theft
         – Business impacts: damage to brand; support cost
    40. Phishing Example
    41. Phishing Example
    42. Phishing Example (2)
    43. Spam control
    44. Web-Content Filtering
       • Cracks and hacking tool websites – spyware, Trojans, viruses, etc.
       • Banners & advertising – adware, toolbars, spam; subscriptions, credit card numbers, etc.
       • Drugs, gambling, weapons, etc.
       • Pornography, nude, adult materials
       • Online shopping (credit card issues)
    45. FortiGuard Web Filtering Enhancements
       • Block Override
         – Authoritative user logs in to enable site block override
         – Bypasses the filter block on a user’s session and lasts until the timer expires
       • Rate Image
         – URL rating capabilities are extended to include image URLs contained in web pages
         – Rates gif, jpeg, png, bmp, and tiff images
       • Web Filter Consolidation
         – Web filter menu items URL Exempt, URL Block, and Web Pattern have been consolidated into a single menu item to speed configuration
       • Active Directory Integration
         – Single sign-on
         – Policy based on AD user/group
         – Requires FSAE agent software
    46. Web Filtering: Banned Word
    47. Desktop Security
       • Anti-virus
       • VPN client
       • Personal firewall
       • IDS
       • Web filtering – small groups, home use, computer laboratories, etc.
    48. URL Filtering
    49. Instant Messaging (IM) / Peer-to-Peer (P2P)
       • IM
         – Virus
         – Exploit
         – Voice chat
       • P2P
         – Bandwidth usage
         – Spyware
         – Backdoor
    50. Enterprise IM, P2P Challenges
       [Diagram: viruses and worms; worms programmed to chat; virus via malicious URL; rootkit via file install; traffic bottlenecks; confidentiality breach; lack of visibility / management tools]
       • Lack of usage & user controls
       • Protecting against new threats
       • Gaining control of bandwidth usage
       • Management & reporting insight
    51. IM & P2P Access Control
    52. Gartner’s Analysis
    53. Regulations Don’t Matter, but Auditors Do
    54. Convergence Brings Evolutionary Efficiencies
    55. Cyberthreat Hype Cycle
    56. Conclusion
       • PPT (policy & process, people, technology)
       • Security system without performance degradation
       • "You don't put brakes on a car to go slower, you put brakes on a car to go faster, more safely. Along the same lines, IT security is not meant to slow down a company, but rather to enhance and facilitate the growth of a company... safer growth." -- Quoted from Gartner Group's Information Security Show, June 2001
